Abstract
The well-known zero-knowledge succinct non-interactive argument of knowledge (zk-SNARK) of Groth (2016) is built on quadratic arithmetic programs and is highly efficient in both proof length and verification complexity. Since then, much progress has been made in designing zk-SNARKs with stronger security, in particular simulation extractability, a notion analogous to non-malleability with broad applications. In this study, following Groth's pairing-based zk-SNARK, we construct a simulation-extractable zk-SNARK in the random oracle model. Our construction relies on a newly proposed property, target linear collision resistance, which random oracles satisfy under discrete logarithm assumptions. Unlike the original Groth16 zk-SNARK, in our construction both the prover and the verifier query such a random oracle so that they obtain the same random value. The resulting proof consists of 3 group elements, and only 1 pairing equation needs to be verified. Compared with other related works, our construction has a shorter proof and simpler verification while preserving simulation extractability. The results also extend to subversion zero-knowledge SNARKs.
Additional information
This work was supported by the National Key R&D Program of China (Grant No. 2019YFB2101703), the National Natural Science Foundation of China (Grant Nos. 62272107 and U19A2066), the Innovation Action Plan of Shanghai Science and Technology (Grant No. 21511102200), and the Key R&D Program of Guangdong Province (Grant No. 2020B0101090001).
Cite this article
Wang, L., Li, Y., Zhang, S. et al. Simulation extractable SNARKs based on target linearly collision-resistant oracle. Sci. China Technol. Sci. 67, 2853–2866 (2024). https://doi.org/10.1007/s11431-023-2580-5